Realst Mac Malware Targets New macOS Releases

In a sweeping cyber campaign aimed at both Windows and macOS users, a novel infostealer malware called "Realst" has been uncovered by vigilant security researchers. This devious malware is cleverly hidden within counterfeit blockchain games, and even the upcoming macOS 14 Sonoma isn't spared from its nefarious intentions.

Initially detected by the diligent researcher iamdeadlyz, the Realst infostealer is being propagated through deceptive blockchain games like Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, and SaintLegend. These sham games are shamelessly promoted on malicious websites and social media platforms, with Twitter being one of the mediums for such dubious endorsements. To lend an air of legitimacy, each game comes with its dedicated Discord and Twitter accounts, leading some unsuspecting individuals to fall prey to these traps.

Realst Under the Microscope

An analysis conducted by SentinelOne has revealed that the new malware is skillfully written in Rust, an emerging programming language gaining significant recognition in the tech community. Even more concerning is the discovery that certain variations of the malware are already targeting the yet-to-be-released macOS 14 Sonoma, slated for public launch in the forthcoming fall season. Surprisingly, about a third of the identified samples contain specific elements targeting Sonoma, raising questions about the malware's behavior on this upcoming macOS version as compared to Ventura.

The malicious actors behind Realst have a keen interest in Apple's latest macOS, as evidenced by its recurring mention in the malware's code. This suggests their determination to linger and exploit the vulnerabilities of the forthcoming operating system.

What's most alarming about Realst is its ability to operate stealthily on compromised macOS devices, covertly extracting various web browser data, including stored passwords, to be surreptitiously relayed to the threat actors. The malware strategically targets web browsers like Firefox, Chrome, Opera, Brave, and Vivaldi, while strangely leaving Safari untouched. One might ponder whether this peculiar omission reflects Apple's robust security measures surrounding its web browser.

The malicious consequences of falling victim to Realst are devastating, with the malware capable of completely emptying cryptocurrency wallets within a matter of minutes after infection. This immediate and profound impact on digital assets makes the situation even more perilous for those affected.

July 26, 2023